From 85c6649e839e28d30c239bf0d2bebb11ef74d12d Mon Sep 17 00:00:00 2001
From: Boris Ranto <branto@redhat.com>
Date: Thu, 4 Oct 2018 13:05:14 +0200
Subject: [PATCH] rpm: Use hardened LDFLAGS

Currently, we do pass the hardened CFLAGS and CPPFLAGS when building the
code. However, we do not pass the hardened flags to the linker. This
means that the binaries are linked without the options like -Wl,-z,now.
As a result, we do not fully harden the binaries that we build.

This commit fixes this by passing the RPM_LD_FLAGS to the linker so the
builds are linked with the properly hardened flags.

Fixes: http://tracker.ceph.com/issues/36316

Signed-off-by: Boris Ranto <branto@redhat.com>
(cherry picked from commit ea6d7d2c9878b08528d120aa35e2fd9e18b3ba0f)
---
 ceph.spec.in | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ceph.spec.in b/ceph.spec.in
index 3a9824b7dde9..7a536d8af0c3 100644
--- a/ceph.spec.in
+++ b/ceph.spec.in
@@ -870,6 +870,7 @@ RPM_OPT_FLAGS="$RPM_OPT_FLAGS --param ggc-min-expand=20 --param ggc-min-heapsize
 export CPPFLAGS="$java_inc"
 export CFLAGS="$RPM_OPT_FLAGS"
 export CXXFLAGS="$RPM_OPT_FLAGS"
+export LDFLAGS="$RPM_LD_FLAGS"
 
 # Parallel build settings ...
 CEPH_MFLAGS_JOBS="%{?_smp_mflags}"
-- 
2.47.3